github_app_access_token: add support for private key fact (#8989)

* github_app_access_token: add support for private key fact

Adds support for specifying the GitHub App private key via an ansible
fact instead of a path to a file.

This is useful when you want to generate registration tokens for a
remote host but don't want to put secrets on the host.

* Add license file

* Fix pep8 formatting

* Add changelog fragment

* Run sanity tests on changelog

* Apply suggestions from code review

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>

* Add input validation check

* Add import

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add error for mutually exclusive options

* Update plugins/lookup/github_app_access_token.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
lewismiddleton 2024-10-21 19:53:18 +01:00 committed by GitHub
commit 5b3b7a1fb1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 106 additions and 6 deletions

View file

@ -32,7 +32,7 @@ class MockResponse(MagicMock):
class TestLookupModule(unittest.TestCase):
def test_get_token(self):
def test_get_token_with_file(self):
with patch.multiple("ansible_collections.community.general.plugins.lookup.github_app_access_token",
open=mock_open(read_data="foo_bar"),
open_url=MagicMock(return_value=MockResponse()),
@ -50,3 +50,21 @@ class TestLookupModule(unittest.TestCase):
token_expiry=600
)
)
def test_get_token_with_fact(self):
with patch.multiple("ansible_collections.community.general.plugins.lookup.github_app_access_token",
open_url=MagicMock(return_value=MockResponse()),
jwk_from_pem=MagicMock(return_value='private_key'),
jwt_instance=MockJWT(),
HAS_JWT=True):
lookup = lookup_loader.get('community.general.github_app_access_token')
self.assertListEqual(
[MockResponse.response_token],
lookup.run(
[],
app_id="app_id",
installation_id="installation_id",
private_key="foo_bar",
token_expiry=600
)
)